<?php
	session_start();
	include "init.php";

	$formuser 	= $_POST['user'];
	$formuser 	= substr($formuser, 0, 20);
	$formuser	= strtolower($formuser);

	$formpw 	= $_POST['pw'];
	$formpw 	= substr($formpw, 0, 20);

	mysql_connect($DBhost,$DBuser,$DBpass) or die("Unable to connect to database");
	@mysql_select_db("$DBName") or die("Unable to select database $DBName");
	$sqlquery 	= "select * from $TListName where Username = '$formuser' Limit 0, 1";
	$results 	= mysql_query($sqlquery) or die("Unable to query : " . mysql_error());
	$line 		= mysql_fetch_array($results, MYSQL_ASSOC);
	$valuser 	= $line["Username"];
	$valuser	= strtolower($valuser);
	$valpw 		= $line["Password"];
	$vallistid	= $line["ListId"];
        $fromphone      = $line["CellPhone"];

	mysql_free_result($results);
	mysql_close();

	if ($valuser == $formuser && $valpw == $formpw)
	{
		$_SESSION['listid'] = $vallistid; // store session data
		$to = "/receivers/$vallistid/$fromphone";
	}
	else
	{
		$to = 'index.php?cmd=login';
	}
	header('Location: '. $to);

?>